[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips July 25, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx;
- Subject: Clips July 25, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 25 Jul 2003 15:29:20 -0400
Clips July 25, 2003
ARTICLES
Computer Voting Is Open to Easy Fraud, Experts Say
Anti-Porn Bill Targets File Sharing
Star Wars video prompts lawsuit
Cybersecurity laws spread
Emergency teams get new tech
Defense to test privacy training tool
Music-Sharing Subpoenas Targets Parents
Counterfeit ring hacks Nebraska bank's computer
*******************************
New York Times
July 24, 2003
Computer Voting Is Open to Easy Fraud, Experts Say
By JOHN SCHWARTZ
The software that runs many high-tech voting machines contains serious flaws that would allow voters to cast extra votes and permit poll workers to alter ballots without being detected, computer security researchers said yesterday.
"We found some stunning, stunning flaws," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins University, who led a team that examined the software from Diebold Election Systems, which has about 33,000 voting machines operating in the United States.
The systems, in which voters are given computer-chip-bearing smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper.
"With what we found, practically anyone in the country from a teenager on up could produce these smart cards that could allow someone to vote as many times as they like," Mr. Stubblefield said.
The software was initially obtained by critics of electronic voting, who discovered it on a Diebold Internet site in January. This is the first review of the software by recognized computer security experts.
A spokesman for Diebold, Joe Richardson, said the company could not comment in detail until it had seen the full report. He said that the software on the site was "about a year old" and that "if there were problems with it, the code could have been rectified or changed" since then. The company, he said, puts its software through rigorous testing.
"We're constantly improving it so the technology we have 10 years from now will be better than what we have today," Mr. Richardson said. "We're always open to anything that can improve our systems."
Another co-author of the paper, Tadayoshi Kohno, said it was unlikely that the company had plugged all of the holes they discovered.
"There is no easy fix," Mr. Kohno said.
The move to electronic voting which intensified after the troubled Florida presidential balloting in 2000 has been a source of controversy among security researchers. They argue that the companies should open their software to public review to be sure it operates properly.
Mr. Richardson of Diebold said the company's voting-machine source code, the basis of its computer program, had been certified by an independent testing group. Outsiders might want more access, he said, but "we don't feel it's necessary to turn it over to everyone who asks to see it, because it is proprietary."
Diebold is one of the most successful companies in this field. Georgia and Maryland are among its clients, as are many counties around the country. The Maryland contract, announced this month, is worth $56 million.
Diebold, based in North Canton, Ohio, is best known as a maker of automated teller machines. The company acquired Global Election Systems last year and renamed it Diebold Election Systems. Last year the election unit contributed more than $110 million in sales to the company's $2 billion in revenue.
As an industry leader, Diebold has been the focus of much of the controversy over high-tech voting. Some people, in comments widely circulated on the Internet, contend that the company's software has been designed to allow voter fraud. Mr. Rubin called such assertions "ludicrous" and said the software's flaws showed the hallmarks of poor design, not subterfuge.
The list of flaws in the Diebold software is long, according to the paper, which is online at avirubin .com/vote.pdf. Among other things, the researchers said, ballots could be altered by anyone with access to a machine, so that a voter might think he is casting a ballot for one candidate while the vote is recorded for an opponent.
The kind of scrutiny that the researchers applied to the Diebold software would turn up flaws in all but the most rigorously produced software, Mr. Stubblefield said. But the standards must be as high as the stakes, he said.
"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."
Still, things that seem troubling in coding may not be as big a problem in the real world, Mr. Richardson said. For example, counties restrict access to the voting machines before and after elections, he said. While the researchers "are all experts at writing code, they may not have a full understanding of how elections are run," he said.
But Douglas W. Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Mr. Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.
"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.
Peter G. Neumann, an expert in computer security at SRI International, said the Diebold code was "just the tip of the iceberg" of problems with electronic voting systems.
"This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said, "so this is a step forward."
*******************************
Washington Post
Anti-Porn Bill Targets File Sharing
By David McGuire
washingtonpost.com Staff Writer
Thursday, July 24, 2003; 4:21 PM
Online file-swapping services would be required to get parental consent before allowing children to use their software under a new bill to be introduced today in Congress.
The Protecting Children from Peer-to-Peer Pornography Act is intended to prevent children from downloading pornographic material, which is widely available for free through file-sharing services like Morpheus and Kazaa.
Besides requiring parental consent, the bill would allow parents to install "beacons" on their computers that signal their desire to not have file-sharing software. If a child tries to download the software, networks would have to refuse when they see the beacon. The beacons would be developed by the Federal Trade Commission with assistance from the Commerce Department.
It also would require file-sharing networks to warn users about the dangers of file sharing. Several studies have shown that the networks are rife with pornography.
There are 57 million Americans who swap files, according to the Boston-based Yankee Group research firm. Forty percent of them are children, according to the bill's sponsors, Rep. Joe Pitts (R-Pa.) and Chris John (D-La.).
Morpheus, Kazaa and other services have attained notoriety in the past several years for allowing widespread music swapping, but they can be used to trade documents, images, videos and any other kind of digital file. A recent study by Ames, Iowa-based Internet security firm Palisade Systems found that users of the Gnutella file-sharing network searched for pornography more often than they searched for music.
Pitts drafted the bill after reading a General Accounting Office (GAO) study showing the high availability of pornography on file-sharing networks, said spokesman Derek Karchner. GAO investigators in a test of the Kazaa network entered search terms including Pokemon, Britney Spears and Olsen Twins. More than 40 percent of the returns for those searches yielded child pornography, and another 30 percent returned adult pornography.
"He couldn't sit by and let that happen unregulated," Karchner said.
Fred von Lohmann, a senior staff attorney at the San Francisco-based Electronic Frontier Foundation (EFF), said he is skeptical about the viability of the beacons.
"I'm a little flabbergasted. I have no idea how you would even begin to build such a thing. The reality is that parents have to supervise their kids online and there is no government provision that is going to replace that supervision," he said. "Undergraduate computer science students can write these [file-sharing programs] in under a week. There's a [mistaken] notion that there might be a company and if there's a company, federal regulators can grab them."
Wayne Rosso, president of West Indies-based file-sharing network Grokster, said children also can find pornography with popular search engines like Google.
Peer-to-peer "should not just be singled out," he said. "There's no more or less of a pornography problem on [file-sharing networks] than there is on the entire World Wide Web. Pornography's only there if you're searching for it. It's not something that just pops up in your face like 'spam' on AOL."
The GAO study noted that there is far more pornography available on the Internet through normal search engine services than on peer-to-peer networks.
Greg Bildson, the chief technical officer of New York-based file-sharing firm LimeWire, said he has no problem forcing users to confirm that they are adults before downloading LimeWire, but said anything more complicated than a simple question with a yes/no answer would be difficult to administer and could compromise customer privacy.
The Recording Industry Association of America (RIAA) supports the bill, according to a spokeswoman for the group.
The association has sent out hundreds of subpoenas to Internet users suspected of using file-sharing networks to illegally swap copyrighted digital music files.
*******************************
BBC Online
Star Wars video prompts lawsuit
A Canadian teenager has launched legal action against classmates who put a video of him online, saying that the publicity has left him mentally scarred.
Ghyslain Raza became known as the "Star Wars Kid" after a video of him using a golf ball retriever to emulate the light sabre slinging tricks of Darth Maul was posted on the net.
The video was hugely popular and some people even added effects to make the golf ball retriever look and sound like a light sabre.
But the public exposure of the clip proved a burden for Mr Raza, who has been through psychiatric care to cope with his unwanted publicity.
Cash call
The 15-year-old made the two minute video as part of a class project but probably never intended it to be seen by anyone else as it is not a flattering portrayal of his sabre-twirling skills.
The lawsuit filed last week alleges that four classmates of Mr Raza stole the video from the cupboard in which it was being stored, digitized the clip, posted it online and then invited people to view it and make insulting remarks.
Since the original was posted on the Kazaa file-sharing system, it has been downloaded and passed around to millions of people and Mr Raza's story has been featured in newspapers all over the world.
Now there are about 38 versions of the original video that add all kinds of effects to his stick twirling tricks or mock Mr Raza.
One site has started a petition to convince George Lucas to feature Ghyslain in the forthcoming Star Wars film.
The lawsuit says that Mr Raza has had to endure harassment and derision from his school mates and the general public because of the publicity that the clip received.
It also says that Mr Raza is undergoing psychiatric care to cope with the publicity and reaction.
Lawyers for Mr Raza are claiming compensation of 225,000 Canadian dollars (£100,000) from the four boys who allegedly stole the video and put it online.
The story about the lawsuit first appeared in Canada's Globe and Mail newspaper.
*******************************
Federal Computer Week
Congress pushed on Web accessibility
BY Sarah Bailey
July 24, 2003
Advocates for people with disabilities want Congress to be forced into improving accessibility of its Web sites.
Members of Congress have made progress in making their Web pages more available to people with disabilities in the two years since a law to improve the accessibility of taxpayer-supported sites was passed, but they likely would do even more if their compliance with the law was mandatory rather than voluntary, experts and advocates for people with disabilities said.
Assessing congressional compliance with the law, known as Section 508 of the Rehabilitation Act of 1998, was a theme of the second annual Congressional Web Accessibility Day, held July 22. The statute requires federal agencies to develop, procure and maintain information technology that is accessible to persons with disabilities.
Rep. Jim Langevin (D-R.I.), who was paralyzed at age 16 after a gun accident, said he has drafted legislation requiring congressional compliance with the law. Langevin, who co-chairs Congress' Bipartisan Disabilities Caucus, added that he is also trying to get more money approved for the initiative. Meanwhile, he encouraged the expansion of programs informing people about Section 508's importance.
Since the law was passed, 130 congressional offices have requested help in making sites more accessible to people with disabilities, according to Ali Qureshi, Web systems branch manager at the House Information Resources Department. About 20 percent of these offices specifically wanted to make their sites compatible with Section 508, he said.
Others at the event said that Web sites should be accessible and informative. Kathy Goldschmidt, director of technology services for the Congressional Management Foundation, gave five tips for making sites more accessible:
* Post descriptions of all images.
* Make links easy to understand out of context.
* Make it possible to skip repetitive lists of links.
* Avoid any blinking, flashing or moving elements.
* Include links to where users can download plug-ins, when needed.
*******************************
Federal Computer Week
Cybersecurity laws spread
BY Dibya Sarkar
July 23, 2003
At least 34 states are considering bills or have enacted laws on security for computers and networks, according to a new report.
Since fall 2001, at least 24 states have introduced bills and 10 states have passed laws addressing information security, said a report released Tuesday by the National Conference of State Legislatures (NCSL). Among the states with new statutes: Florida, Michigan, California, Illinois, Kansas, Nevada, South Carolina, Tennessee, Texas and Virginia.
For example, Florida now allows police to investigate attacks on protected computers owned by financial institutions and government agencies. Until Jan. 1, 2006, California's legislature can hold closed sessions on potential threats of terrorist activity against state-owned personnel and property, including electronic data. Michigan imposed penalties against people who use the Internet or telecommunications systems or devices to disrupt critical infrastructure or government operations.
The Task Force on Protecting Democracy released the report during the legislature association's annual conference this week in San Francisco. Massachusetts state Sen. Richard Moore, co-chairman of the task force, said recent attention has gone to improving information system security across state governments because legislators understand that critical services, such as water facilities and transportation, rely on computers more than ever.
The legislatures' group is working with representatives from Fortune 300 companies, to ensure that states don't develop a hodgepodge of security policies and systems that would hinder economic development.
Better collaboration with the federal government and the private sector has helped state chief information officers improve security, said Patrick O'Donnell, task force co-chairman and the Nebraska Legislature's clerk. "I think [we're] better prepared today than in fall 2001," he said, though he noted that no system can be 100 percent secure.
Tuesday's report also noted that since 2001, several states have passed laws to combat driver's license counterfeiting. Although state-issued licenses have become, in essence, de facto national identification cards, Moore said NCSL doesn't support that tag. But legislatures are willing to impose certain standards nationwide that will make them less vulnerable to counterfeits, Moore said. Currently seven states -- California, Colorado, Florida, Georgia, Hawaii, Texas and West Virginia -- collect fingerprints when individuals apply for a license, but only Georgia uses fingerprint scans to certify an applicant's identity when issuing a replacement license.
West Virginia is the only state to use facial recognition software to verify applicants' identities when they renew or replace their licenses, although Colorado is considering a similar system. "It's a trend we're going to see continuing," Moore said.
Tuesday's report is the second from the legislative group's Task Force on Democracy. Last year, it issued a report with guidelines for state policymakers to assess their homeland security, public health and emergency response readiness.
*******************************
Federal Computer Week
Emergency teams get new tech
BY Sara Michael
July 24, 2003
Federal emergency workers in the field will get their own communications systems.
The Department of Health and Human Services is equipping vans of the Secretary's Emergency Response Teams with laptop computers and satellite communications, said KC Decker, a program analyst in the department's Office of the Assistant Secretary for Public Health Emergency Preparedness.
"The footprint they would take to the locale would be very small," Decker said, speaking at the GovSec conference in Washington. "It would basically have all the communications equipment you can carry."
The teams, which would be deployed in case of an emergency or terrorist attack, would be able to use the devices in their vans to communicate with department headquarters without interfering with other communications systems.
Decker said HHS' Response Technology Team is in the process of equipping these vans, and it is unclear when they will be operational.
The teams are centrally-based groups of experts from agencies such as the National Institutes of Health, Centers for Disease Control and Prevention and Food and Drug Administration. Each team has about eight to 10 members, Decker said, and can be deployed across the country within 24 to 48 hours of an incident. The concept is part of the Federal Response Plan.
*******************************
Federal Computer Week
Defense to test privacy training tool
BY Dan Caterinicchia
July 23, 2003
The Defense Department next week will begin testing a CD-ROM designed to outline the guidelines that govern data collection and dissemination and teach intelligence personnel how to comply with privacy statutes.
The 45-minute training program illustrates how defense intelligence personnel should deal with potentially private information collected about U.S. citizens, said George Lotz II, assistant to the secretary of defense for intelligence oversight.
Training is the key to ensuring privacy guidelines are met, said Lotz, speaking at a July 22 meeting of the Technology and Privacy Advisory Committee. The committee is an external oversight board established in February by DOD to ensure that the Terrorism Information Awareness program moves forward with proper regard for constitutional laws and existing privacy policies
"The safety net here is the user," he said. "The best protection against violations is training personnel in defense intelligence oversight rules."
Originally called Total Information Awareness, TIA is designed to help national security analysts track and stop terrorist attacks by spotting patterns in credit card and travel records, biometric authentication technologies, intelligence data and automated virtual data repositories. But the project, developed by the Defense Advanced Research Projects Agency, is under heavy criticism by privacy advocates.
Lotz's office began reviewing the information awareness program last December because of the public outcry. "To date, that review found no information that TIA was being used to violate the rights of U.S. persons," Lotz said Tuesday.
The review will continue throughout the life of the program, Lotz said, adding that his real involvement with it will come when and if the information awareness software tools are used by defense intelligence agencies.
Vahan Moushegian, director of the privacy office for DOD, said high-level authority should be received before collecting information using TIA.
"Only information that is minimally necessary to accomplish that mission [should be collected], no more," Moushegian said, adding that a felony charge should be the punishment for abusing the system.
Once officials approve use of the information awareness program, confidentiality through audits and penalties for abuse should already be established, Moushegian said.
*******************************
Government Computer News
07/24/03
Draft e-authentication technical guidance due in September
By Vandana Sinha
GCN Staff
A draft version of technical guidance for the new Office of Management and Budget policy on electronic authentication could be released as soon as Labor Day and will arrive no later than the end of September, said a government official managing the process.
The National Institute of Standards and Technology is developing the guidance, which recommends that agencies buy identification technologies that can be implemented governmentwide, rather than individually, to promote interoperability.
NIST officials plan to present the working group's approach to defining password requirements at the July 30 meeting of the Federal Identity and Credentialing Committee, which OMB recently established to develop a common credential policy for federal employees.
The technical guidance will likely cover passwords and cryptographic keys, as well as knowledge-based authentication, which asks users to answer certain questions to verify their identities, said Bill Burr, manager of NIST's Security Technology Group.
"This is an ongoing process," he said. "We probably won?t get it right the first time, but hopefully we get close enough. We?ll have to evolve." After circulating and revising a draft copy in September, the agency plans to post the full guidance on its Web site for public comment.
For now, however, Burr said the working group is concentrating on building requirements for passwords and keys through OMB's prescribed four levels of security risk.
The lowest-level requirements would likely address personal identification numbers and passwords that don't involve much creativity, he said. The second level would likely address passwords developed through off-the-shelf software.
The third and fourth levels probably will refer to cryptographic passwords. The third is expected to address those that work through software add-ons to Internet browsers, and the fourth will offer guidance on use of keys housed in hardware tokens, such as smart cards.
"We'll lay out a bunch of protocol rules about the kinds of attacks they have to defend against," Burr said. "This is a really challenging thing to do in a comprehensive kind of way."
*******************************
Associated Press
Music-Sharing Subpoenas Targets Parents
Thu Jul 24, 2:18 AM ET
By TED BRIDIS, AP Technology Writer
WASHINGTON - Parents, roommates even grandparents are being targeted in the music industry's new campaign to track computer users who share songs over the Internet, bringing the threat of expensive lawsuits to more than college kids.
"Within five minutes, if I can get hold of her, this will come to an end," said Gordon Pate of Dana Point, Calif., when told by The Associated Press that a federal subpeona had been issued over his daughter's music downloads. The subpoena required the family's Internet provider to hand over Pate's name and address to lawyers for the recording industry.
Pate, 67, confirmed that his 23-year-old daughter, Leah Pate, had installed file-sharing software using an account cited on the subpoena. But he said his daughter would stop immediately and the family didn't know using such software could result in a stern warning, expensive lawsuit or even criminal prosecution.
"There's no way either us or our daughter would do anything we knew to be illegal," Pate said, promising to remove the software quickly. "I don't think anybody knew this was illegal, just a way to get some music."
The president of the Recording Industry Association of America (news - web sites), the trade group for the largest music labels, warned that lawyers will pursue downloaders regardless of personal circumstances because it would deter other Internet users.
"The idea really is not to be selective, to let people know that if they're offering a substantial number of files for others to copy, they are at risk," Cary Sherman said. "It doesn't matter who they are."
Over the coming months this may be the Internet's equivalent of shock and awe, the stunning discovery by music fans across America that copyright lawyers can pierce the presumed anonymity of file-sharing, even for computer users hiding behind clever nicknames such as "hottdude0587" or "bluemonkey13."
In Charleston, W.Va., college student Amy Boggs said she quickly deleted more than 1,400 music files on her computer after the AP told her she was the target of another subpoena. Boggs said she sometimes downloaded dozens of songs on any given day, including ones by Fleetwood Mac, Blondie, Incubus and Busta Rhymes.
Since Boggs used her roommates' Internet account, the roommates' name and address was being turned over to music industry lawyers.
"This scares me so bad I never want to download anything again," said Boggs, who turned 22 on Thursday. "I never thought this would happen. There are millions of people out there doing this."
In homes where parents or grandparents may not closely monitor the family's Internet use, news could be especially surprising. A defendant's liability can depend on their age and whether anyone else knew about the music downloads.
Bob Barnes, a 50-year-old grandfather in Fresno, Calif., and the target of another subpeona, acknowledged sharing "several hundred" music files. He said he used the Internet to download hard-to-find recordings of European artists because he was unsatisfied with modern American artists and grew tired of buying CDs without the chance to listen to them first.
"If you don't like it, you can't take it back," said Barnes, who runs a small video production company with his wife from their three-bedroom home. "You have all your little blonde, blue-eyed clones. There's no originality."
Citing on its subpoenas the numeric Internet addresses of music downloaders, the RIAA has said it can only track users by comparing those addresses against subscriber records held by Internet providers. But the AP used those addresses and other details culled from subpoenas and was able to identify and locate some Internet users who are among the music industry's earliest targets.
Pate was wavering whether to call the RIAA to negotiate a settlement. "Should I call a lawyer?" he wondered.
The RIAA's president wasn't sure what advice to offer because he never imagined downloaders could be identified by name until Internet providers turned over subscriber records.
"It's not a scenario we had truthfully envisaged," Sherman said. "If somebody wants to settle before a lawsuit is filed it would be fine to call us, but it's really not clear how we're going to perceive this."
The RIAA has issued at least 911 subpoenas so far, according to court records. Lawyers have said they expect to file at least several hundred lawsuits within eight weeks, and copyright laws allow for damages of $750 to $150,000 for each song.
The AP tracked targets of subpoenas to neighborhoods in Boston; Chicago; St. Louis; San Francisco; New York and Ann Arbor, Mich.
Outside legal experts urged the music industry to carefully select targets for its earliest lawsuits. Several lawyers said they were doubtful the RIAA ultimately will choose to sue computer users like the Pate family.
"If they end up picking on individuals who are perceived to be grandmothers or junior high students who have only downloaded in isolated incidents, they run the risk of a backlash," said Christopher Caldwell, a lawyer in Los Angeles who works with major studios and the Motion Picture Association of America.
The recording industry said Pate's daughter was offering songs by Billy Idol, Missy Elliot, Duran Duran, Def Leppard and other artists. Pate said that he never personally downloaded music and that he so zealously respects copyrights that he doesn't videotape movies off cable television channels.
Barnes, who used the Napster (news - web sites) service until the music industry shut it down, said he rarely uses file-sharing software these days unless his grandson visits. The RIAA found songs on his computer by Marvin Gaye, Savage Garden, Berlin, the Eagles, Dire Straits and others.
Barnes expressed some concern about a possible lawsuit but was confident that "more likely they will probably come out with a cease and desist order" to stop him sharing music files on the Internet.
"I think they're trying to scare people," Barnes said.
___
On the Net:
Recording Industry Association of America: www.riaa.org
Subpoena Defense: www.subpoenadefense.org
*******************************
Australian IT
Anti-spam laws outlined
Staff writers
JULY 23, 2003
NEW laws to create an enforced ban on spam would be introduced later this year, Communications Minister Richard Alston confirmed today.
The laws were flagged earlier this year but further details were released today.
Anti-spam laws would be administered by the Australian Communications Authority and those violating the legislation would face fines.
Senator Alston said Cabinet agreed yesterday to introduce anti-spam legislation before the end of the year, following a report by the National Office for the Information Economy (NOIE).
"Spam is a menace to home and business e-mail users and is a major scourge of productivity," the Department of Communications, IT and the Arts said in a statement.
The legislation will ban unsolicited commercial email "without the prior consent of end-users unless there is an existing customer-business relationship", or an opt-in system.
All commercial email would have to contain accurate details of the sender's name and physical address and a working "unsubscribe" facility, and the collation of lists through "email harvesting" would also be banned.
The ACA would be able to seek enforceable undertakings, court injunctions and fines under the laws.
The Government said it would work with industry and seek to protect businesses which undertake legitimate email marketing. There would be a 120-day "sunrise" period after the legislation is introduced for marketers to ensure their practices were compliant.
*******************************
USA Today
Counterfeit ring hacks Nebraska bank's computer
Posted 7/23/2003 3:54 PM
KEARNEY, Neb. (AP) Some customers of a Kearney bank lost access to their debit card accounts after a Malaysian counterfeit ring hacked the bank's computer system and attacked its Visa Check Card program..
According to a report in the Kearney Hub, ove rthe weekend the Malaysian crime ring stole debit card numbers and made $13.99 transactions on Platte Valley Bank accounts, said bank president Mark Sutko.
The bank took immediate action to stop the fraudulent authorizations. Using its fraud detection and prevention systems, Platte Valley was able to identify all the card numbers involved and took steps to protect customers affected, Sutko said.
"We limited the impact to a small number of customers," Sutko said in the Hub's Tuesday edition. "No customers sustained any losses. The only impact felt by our customers is the inconvenience of getting new debit cards issued to them."
Sutko said the bank sent letters to customers whose accounts were targeted.
"We are letting people know if they need to have new debit cards issued," he said. "The bank wants to alleviate any concerns our customers have."
Todd Stover of Kearney was among Platte Valley debit card holders whose accounts were affected. When Stover tried to use an ATM Monday for a cash withdrawal, the machine would not accept his PIN number.
Stover said he was required to order a new debit card with a different account number. He said an authorized charge of $13.99 appeared on his account, but the bank immediately removed the transaction.
Sutko said Platte Valley became aware of the Malaysian counterfeit ring's activities when the bank's high-tech trip wires discovered the unauthorized transactions.
"Platte Valley also has implemented additional fraud prevention processes and technology features to lessen this type of fraud exposure and help prevent it from re-occurring in the future," said Sutko.
Sutko said law enforcement officials would not be contacted about the situation and the bank is handling the problem internally.
*******************************